CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: May 31, 2023. 01:20:03
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-22781 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | May 12, 2023. 17:50:00 | [www.arubanetworks.com] |
| CVE-2023-30065 | MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was discovered to contain a remote code execution (RCE) vulnerability in the ping function. | May 12, 2023. 17:44:00 | [github.com] |
| CVE-2023-22780 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | May 12, 2023. 17:44:00 | [www.arubanetworks.com] |
| CVE-2023-22779 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | May 12, 2023. 17:41:00 | [www.arubanetworks.com] |
| CVE-2023-30399 | Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack. | May 12, 2023. 17:38:00 | [garocharging.com][www.garo.se] |
| CVE-2023-2114 | The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query. | May 12, 2023. 17:28:00 | [wpscan.com][github.com] |
| CVE-2023-1905 | The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficient fix of CVE-2023-24003 | May 12, 2023. 17:19:00 | [wpscan.com] |
| CVE-2023-2583 | Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3. | May 12, 2023. 17:05:00 | [github.com][huntr.dev] |
| CVE-2023-30855 | Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with the SQL Injection, the exported data `RESTRICTED DIFFUSION 9 / 9` can be controlled and a webshell can be uploaded. Attackers can use that to execute arbitrary PHP code on the server with the permissions of the webserver. Users may upgrade to version 10.5.18 to receive a patch or, as a workaround, apply the patch manually. | May 12, 2023. 16:51:00 | [github.com][github.com] |
| CVE-2023-30092 | SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL Injection via the QTY parameter. | May 12, 2023. 16:38:00 | [github.com][www.sourcecodester.com] |
| CVE-2023-30551 | Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds. | May 12, 2023. 16:27:00 | [github.com][github.com] |
| CVE-2016-15031 | A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injection. The attack can be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 0083ec652786ddbb81335ea20da590df40035679. It is recommended to upgrade the affected component. VDB-228022 is the identifier assigned to this vulnerability. | May 12, 2023. 16:22:00 | [vuldb.com][vuldb.com] |
| CVE-2023-25289 | Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a crafted GET request. | May 12, 2023. 16:16:00 | [www.exploit-db.com] |
| CVE-2023-27043 | The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. | May 12, 2023. 16:15:00 | [github.com][python.org] |
| CVE-2022-47334 | In phasecheck server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | May 12, 2023. 16:14:00 | [www.unisoc.com] |
| CVE-2022-47490 | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | May 12, 2023. 16:09:00 | [www.unisoc.com] |
| CVE-2022-48384 | In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | May 12, 2023. 16:09:00 | [www.unisoc.com] |
| CVE-2023-1385 | Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3. | May 12, 2023. 16:07:00 | [www.bitdefender.com] |
| CVE-2022-47492 | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | May 12, 2023. 16:06:00 | [www.unisoc.com] |
| CVE-2022-47493 | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | May 12, 2023. 16:06:00 | [www.unisoc.com] |
Page 102 of 129
